Skip to main content

Illumio Core What's New and Release Notes for Release 24.2

Resolved Issues in Release 24.2.0

Enterprise Server

  • Bug in nftables versions pre-0.9.2 preventing policy application (E-116635)

    The policy would fail to load on VENs installed on RHEL Linux 8/9 workloads with a version of nftables earlier than 0.9.2. This issue is fixed.

  • On occasion, ransomware dashboard widgets were not updating or populating ( E-116603)

  • App Group's enforcement state shows as "Mixed" by mistake (E-116536)

    The enforcement state of the App Group incorrectly displays 'Mixed' when a workload has 'Selective' enforcement along with unmanaged workloads. To accurately define the enforcement state as 'Mixed' for an app group, the issue was resolved by excluding the state of unmanaged workloads.

  • High latency was observed when loading an app group list page (E-116521)

    This issue is fixed.

  • Traffic queries would fail when the "Source OR Destination" field had an APP label ( E-116365)

    Traffic searches failed when the search type was set to "Source OR Destination" and when an APP label was used.

    This issue is fixed.

  • Issue affecting the persistent connection between PCE and VEN (E-116177)

    A regression was introduced into 22.5.33 and 23.2.23 Windows VEN, which could cause the Event Channel between VEN and PCE to stop functioning, resulting in a policy convergence delay.

    This issue is fixed.

  • FQDN missing from the "Connections with unknown IP" view ( E-116077)

    This issue is fixed.

  • Different behavior of filters was observed in the map versus traffic views ( E-115933)

    Works as designed.

  • AND operator showing between labels of the same type (E-115653)

    The AND operator was showing between labels of the same type in Traffic query fields (UI display only).

    This issue is fixed.

  • In Illumination Plus, users were unable to write rules based on port numbers (E-115225)

    This issue is fixed.

  • Unable to create new service from within rules ad ruleset page (E-115210)

    Users experienced slow performance, resulting in a long time to create a new service from the rules and rulesets page.

    This issue is resolved.

  • Saving filters in Illumination Plus (E-115189)

    Since the SCP2 upgrade, a customer was unable to save filters in Illumination Plus. This issue is fixed.

  • Save and Provision for a rule fails (E-115047)

    After performing Save and Provision for the rule, the Comment field did not show up and the rule was not provisioned.

    This issue was fixed.

  • Upgrade json-jwt-1.13.0.gem to N/A or higher to address CVE-2024-51774 (E-114939)

    The json-jwt (aka JSON::JWT) gem version 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack.

    This issue is resolved after upgrading json-jwt to version 1.16.6.

  • Script needed for default profile recreation and sync migration ( E-113855)

    A script was needed for default profile recreation and sync migration with release 23.2 and later.

    This issue is fixed.

  • Upgrade rails-6.1.7.4.gem to 6.1.7.7, 7.0.8.1, or higher to address CVE-2024-26144 ( E-114138)

    Starting with Rails version 5.2.0, there was a possible sensitive session information leak in Active Storage. This vulnerability was fixed in Rails releases 7.0.8.1 and 6.1.7.7 and this issue will not be addressed.

  • The ilo-pce command should not require sudo access (E-113745)

    Remove 'sudo' in services/cron_perfmon/bin/avn_perfmon.sh and then test. It is not critical to know the program name of processes users don't own.

  • Script needed for default profile recreation and sync migration (E-113855)

    A script was needed for default profile recreation and sync migration with release 23.2 and later.

    This issue is fixed.

  • App Group Rule Listing is missing Rulesets (E-113259)

    Intra-scope rules were not showing up in the App Group rules menu. This issue is fixed.

  • report_monitor and traffic_query services flapping on coordinator replica node after OS upgrade (E-113024) 

    On DX configurations, adding a new CC (Citus Coordinator) node or a new CW (Citus Worker) node to the cluster sometimes caused flapping of some services, such as report_monitor or traffic_query. This flapping occurred because IP restrictions on some current nodes of the cluster did not account for the new node IP addresses.

  • Policy check not properly showing Rules Pending status (E-112974)

    The Policy check did not show that Rules Pending was disabled. This issue is fixed.

  • Lookup by external_data_reference not working (E-111950)

    When a label was created using the API and later edited in the UI, the lookup by external_data_reference did not work. This issue is fixed.

  • Unresponsive web page when writing rules (E-110946)

    When users were writing a rule in the PCE, the webpage became unresponsive. This issue is fixed.

Containers

  • Kubernetes Workload service network interfaces are unnecessarily updated upon every Node update (E-114962)

    On every network interface update of a cluster node, the network interfaces of every Kubernetes Workload of type Service were getting updated. This caused a large amount of `workload_ip_address_change` event creations when used with thousands of services. This behavior worsened when many nodes were re-deployed at the same time (unpair/pair) while there were Kubernetes Workloads already present.

  • Container cluster reporting "Virtual service is still active on a workload" after upgrading to "clusterMode: migrateLegacyToClas" (E-114727)

    After a non-CLAS (legacy) deployment was upgraded to CLAS mode, existing container clusters running multiple ClusterIP virtual services each went into an Error Status, with each cluster detail page also displaying a "Virtual service is still active on a workload" message.